LibreOffice 多个安全漏洞汇总 (堆溢出/任意代码执行等)

漏洞概述 该网页列出了多个与LibreOffice相关的安全漏洞，每个漏洞都对应一个CVE编号，并详细描述了漏洞的性质和影响。 影响范围 LibreOffice 26.2.3/25.8.7：Heap Buffer Overflow in AgileEngine LibreOffice 25.2.4/25.8.0：TCC Bypass via Inherited Permissions in Bundled Interpreter LibreOffice 24.8.6/25.2.2：PDF signature forgery with adbe.pkcs7.sha1 SubFilter LibreOffice 24.8.5/25.2.1：Macro URL arbitrary script execution LibreOffice 24.8.5：Executable hyperlink Windows path targets executed unconditionally on activation LibreOffice 24.8.4：Path traversal leading to arbitrary .ttf file write, URL fetching can be used to exfiltrate arbitrary INI file values and environment variables LibreOffice 24.8.0/24.2.5：Signatures in "repair mode" should not be trusted LibreOffice 24.2.5：Ability to trust not validated macro signatures removed in high security mode LibreOffice 24.2.4：TLS certificate are not properly verified when utilizing LibreOfficeKit LibreOffice 7.6.7/24.2.3：Graphic on-click binding allows unchecked script execution LibreOffice 7.6.4/7.5.9：Link targets allow arbitrary script execution LibreOffice 7.6.3/7.5.9：Improper input validation enabling arbitrary Gstreamer pipeline injection LibreOffice 7.4.7/7.5.3：Remote documents loaded without prompt via IFrame LibreOffice 7.4.6/7.5.1：Array Index UnderFlow in Calc Formula Parsing LibreOffice 7.3.6/7.4.1：Macro URL arbitrary script execution LibreOffice 7.2.7/7.3.3：Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password, Weak Master Keys LibreOffice 7.2.7/7.3.2：Execution of Untrusted Macros Due to Improper Certificate Validation LibreOffice 7.2.6/7.3.1：Empty entry in Java class path risks arbitrary code execution LibreOffice 7.2.5/7.3.0：Incorrect trust validation of signature with ambiguous KeyInfo children LibreOffice 7.0.6/7.1.3：fileloc extension added to macOS executable denylist LibreOffice 7.0.6/7.1.2：Content Manipulation with Double Certificate Attack, Timestamp Manipulation with Signature Wrapping LibreOffice 7.0.5/7.1.2：Denylist of executable filename extensions possible to bypass under windows LibreOffice 7.0.5/7.1.1：Content Manipulation with Certificate Validation Attack LibreOffice 6.4.4：remote graphics contained in docx format retrieved in 'stealth mode', XForms submissions could overwrite local files LibreOffice 6.3.6/6.4.3：Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save LibreOffice 6.2.7/6.3.1：Unsafe URL assembly flaw in allowed script location check, Windows 8.3 path equivalence handling flaw allows LibreLogo script execution LibreOffice 6.2.6/6.3.1：Insufficient URL decoding flaw in categorizing macro location LibreOffice 6.2.6/6.3.0：Insufficient url validation allowing LibreLogo script execution, LibreLogo global-event script execution, Insufficient URL encoding flaw in allowed script location check LibreOffice 6.2.5：LibreLogo arbitrary script execution, remote bullet graphics retrieved in 'stealth mode' LibreOffice 6.1.6/6.2.3：Executable hyperlink targets executed unconditionally on activation LibreOffice 6.0.7/6.1.3：Directory traversal flaw in script execution LibreOffice 5.4.7/6.0.4：Information disclosure via SMB link embedded in ODF document LibreOffice 5.4.6/6.0.2：Heap Buffer Overflow in MSWord Customizations parsing LibreOffice 5.4.5/6.0.1：Remote arbitrary file disclosure vulnerability via WEBSERVICE formula, Use After Free in Structured Storage parser LibreOffice 5.2.5/5.3.0：Heap-buffer-overflow in WMF filter, Heap-buffer-overflow in EMF filter LibreOffice 5.1.6/5.2.2/5.3.0：Arbitrary file disclosure in Calc and Writer LibreOffice 5.1.4/5.2.0：Dereference of invalid STL iterator on processing RTF file LibreOffice 5.0.5/5.1.0：LotusWordPro Bounds overflows in LwpTocSuperLayout processing LibreOffice 5.0.4/5.1.0：LotusWordPro Multiple bounds overflows in lwp filter LibreOffice 5.0.2/5.1.0：Out-of-Bounds Write in Impress' PPT Filter, Out-of-Bounds Write in Writer's ImportOldFormatStyles LibreOffice 4.4.6/5.0.1：DOC Bookmark Status Memory Corruption LibreOffice 4.4.5/5.0.0：Arbitrary file disclosure in Calc and Writer, ODF Integer Underflow (PrinterSetup Length), DOC picetable Integer Overflow LibreOffice 4.3.7/4.4.2：Out of bounds write in HWP file filter LibreOffice 4.2.7/4.3.3：Use-After-Free in socket manager of Impress Remote LibreOffice 4.2.6-secfix/4.3.1：CSV Command Injection and DDE formulas, Arbitrary File Disclosure using crafted OLE objects LibreOffice 4.2.5：Microsoft Office VBA Macro Execution LibreOffice 3.6.7：Microsoft .docm Denial Of Service LibreOffice 3.5.7：Multiple file format denial of service vulnerabilities LibreOffice 3.5.5：Multiple heap-based buffer overflows in the XML manifest encryption handling code LibreOffice 3.5.3：Integer overflows in graphic object loading, Integer overflow flaw with malformed PPT files LibreOffice 3.4.6/3.5.1：XML Entity Expansion flaw by processing RDF file LibreOffice 3.4.3：Multiple vulnerabilities in the 'Microsoft Word' (.doc) binary file format importer, Microsoft

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

LibreOffice 多个安全漏洞汇总 (堆溢出/任意代码执行等)

目标达成感谢每一位支持者 — 我们达成了 100% 目标！